fix(codeqlExecuteScan): logging when use both Vault and Jenkins Credentials config (#4600)

* added logging if unauthorized for github * refactored * fixed log message & added logging github response * deleted extra log * refactored log message
2025-03-03 15:02:35 +02:00 · 2023-09-27 14:59:35 +03:00 · 2023-09-27 14:59:35 +03:00 · ccd2acfbb2
commit ccd2acfbb2
parent 2ab1e2a1bc
1 changed files with 13 additions and 5 deletions
--- a/cmd/codeqlExecuteScan.go
+++ b/cmd/codeqlExecuteScan.go
@ -188,19 +188,27 @@ func uploadResults(config *codeqlExecuteScanOptions, repoInfo RepoInfo, token st
 		cmd = append(cmd, "--ref="+repoInfo.ref)
 	}

-	//if no git pramas are passed(commitId, reference, serverUrl, repository), then codeql tries to auto populate it based on git information of the checkout repository.
+	//if no git params are passed(commitId, reference, serverUrl, repository), then codeql tries to auto populate it based on git information of the checkout repository.
 	//It also depends on the orchestrator. Some orchestrator keep git information and some not.

-	var buffer bytes.Buffer
-	utils.Stdout(&buffer)
+	var bufferOut, bufferErr bytes.Buffer
+	utils.Stdout(&bufferOut)
+	defer utils.Stdout(log.Writer())
+	utils.Stderr(&bufferErr)
+	defer utils.Stderr(log.Writer())
+
 	err := execute(utils, cmd, GeneralConfig.Verbose)
 	if err != nil {
+		e := bufferErr.String()
+		log.Entry().Error(e)
+		if strings.Contains(e, "Unauthorized") {
+			log.Entry().Error("Either your Github Token is invalid or you use both Vault and Jenkins credentials where your Vault credentials are invalid, to use your Jenkins credentials try setting 'skipVault:true'")
+		}
 		log.Entry().Error("failed to upload sarif results")
 		return "", err
 	}
-	utils.Stdout(log.Writer())

-	url := buffer.String()
+	url := bufferOut.String()
 	return strings.TrimSpace(url), nil
 }